Privacy Plus Certification Criteria

1. Administrative

1.1 Appropriate safeguards to protect the privacy of client information during handling

1.1.1 Written privacy policy

1.1.2 Designated privacy officer

1.1.3 Documented controls and procedures

1.1.3.1 For visitor access to storage areas

1.1.3.2 For handling customer information inside storage areas

1.1.3.3 For handling customer information in transit

1.1.3.4 For employees to report suspected breaches

1.1.3.5 For responding to suspected breaches

1.1.3.6 For responding to clients regarding breaches as required by law

1.1.3.7 For sanctioning employees who violate privacy policies

1.1.4 Testing / auditing of documented controls and procedures

1.2 Employee training: all employees exposed to sensitive information trained annually.

1.2.1 On privacy policy

1.2.2 On documented controls and procedures

1.2.3 On awareness of privacy laws and regulations

1.2.4 New employees exposed to sensitive information trained within 30 days of hire date.

1.3 Annual privacy risk assessments

1.3.1 Identify privacy risks

1.3.2 Mitigation plan documentation

1.4 Contractual controls to ensure that information shared with third parties is appropriately protected by the third party

1.5 Pre-employment screening process in place for all employees

1.6 Confidentiality agreements signed by all employees

2. Technical

2.1 Applicable safeguards are in place to protect the privacy of client information stored digitally in the company's IT systems

2.1.1 Risk-appropriate firewall and anti-virus software installed and properly functioning

2.2 If clients are provided access to their online inventory, then encryption during transmission must be properly installed and utilized

3. Physical

3.1 Applicable safeguards are in place to protect physical information against unauthorized access while in transit and in storage

3.1.1 Monitored security system on all storage facilities

3.1.2 All access doors to storage areas are either locked, or the access area is controlled and monitored

3.1.3 Vehicles containing client information are locked at all times

In addition, applicants must certify that at least one representative of their company has attended and completed the Privacy+ Certification preparedness program within the past 12 months.